Re: Making sure OWA is secure

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 12:21:10 -0400

On Tue, 12 Oct 2004 08:06:15 +0200, Lettah LG. Dladla
<lgdladla@xxxxxxxxx> wrote:
> Dear all
> I have activated the Web access , how do I make sure it is secured?

How far do you want to go? Personally, I say go as far as you can
without reducing (important and useful) functionality.

1) Disable all unessential services on the server hosting OWA
2) Make sure all Windows, Exchange, IIS, etc. security patches are up to date
3) Configure SSL for OWA ( has an article about this) 
4) Install URLScan and IISLockdown tools (make sure you read the
documentation, specifically, if you don't set it up right, it will
break OWA)
5) Put a firewall in-front of the OWA/Exchange server, so that only
port 443 inbound and outbound traffic is allowed through to your
Internet/external interface
6) Scan the server with up-date and Exchange aware anti-virus software
7) Make note of session time-outs for OWA, they are important for your security
8) Educate your users to CLOSE all web browser windows after they are
done with OWA -- better yet, have them clear the cache and history if
they can

There are many other things you can do... search the net. 

I found this:


Other related posts: